By Jon King, CNM Cybersecurity & Privacy Director
and Janaki Desai, CNM Cybersecurity & Privacy Manager
The Russian invasion into Ukraine has exacerbated the existing cybersecurity threat landscape, introducing greater opportunity for threat actors to cause harm to organizations. Although advanced threat actors will be actively working to take advantage of the situation, most organizations will not be directly targeted by nation-state actors and are best served by prioritizing their efforts to bolster and mature their core cyber hygiene and baseline governance practices. Ukraine’s geography and strategic location introduce further challenges to the existing global supply chain issues, emphasizing organization’s imperative to establish and reinforce policies and procedures around effective management and monitoring of third-party service providers and vendors up and down the supply chain. Additionally, conflict of any type in the information age mandates heightened awareness of misinformation and disinformation. Refreshed training on social engineering and misinformation helps reduce the likelihood that threat actors’ efforts will result in disruptions to operations.
- Logging and Monitoring – It is imperative that organizations collect and review audit logs for anomalous activity with focus on privileged and service accounts, network flow data, and network device configuration changes.
- Multifactor Authentication – There are many variations of multifactor authentication. The recommended approach is combining strong passwords with pin codes, security tokens, or biometrics.
- Network Traffic Filtering – A zero trust model, which assumes a breach is imminent, helps to strengthen network security by explicitly verifying all data points, using the principle of least privilege, and implementing network segmentation. A centralized device management strategy using a layered and device level access control approach can protect an organization’s network from threat actors.
- Patching – Staying up to date on the latest patches for systems and developing a patch management policy and procedure to include testing and automation is crucial in addressing known vulnerabilities and ensuring systems operate smoothly.
- Regular Antivirus/Antimalware Scans – Organizations that conduct regular and automated antivirus scans are more successful at identifying and removing malicious threats.
- Strong Spam Filtering – Strengthening spam filters will make the organization less susceptible to phishing attacks as less fraudulent emails reach end users.
- Vulnerability Scanning – A robust Vulnerability Management Program is vital to the evaluation and prioritization of security vulnerabilities and risk. Incorporating an automated vulnerability scanning tool can identify and mitigate risk to the organization and assist with continuous monitoring.
Mature: Conduct exercises to identify gaps in resilience plans and implement lessons learned
Third-party Service Provider & Supply Chain Risk Management
Mature: Identify and begin reviewing third-parties capable of supporting contingency plans to maintain affected operations
Social Engineering and MDM